From bec83686f478de50aaa0172aa185ad9064416652 Mon Sep 17 00:00:00 2001
From: Monty Taylor
Date: Fri, 28 Nov 2014 11:35:00 -0500
Subject: [PATCH] Unset requiretty if it exists in sudoers
Fedora sets requiretty globally by default. This makes sense for interactive machines with lots of password typing, but is pretty attrocious for machines that might need users who remotely sudo to do things. Just remove the setting.
Change-Id: Ic32bd92061a73f854683cc0d2d8919071dabe8cf
---
.../pre-install.d/00-allow-heat-admin-sudo | 8 --------
elements/rpm-distro/pre-install.d/00-allow-root-sudo | 8 --------
elements/rpm-distro/pre-install.d/00-fix-requiretty | 12 ++++++++++++
3 files changed, 12 insertions(+), 16 deletions(-)
delete mode 100755 elements/rpm-distro/pre-install.d/00-allow-heat-admin-sudo
delete mode 100755 elements/rpm-distro/pre-install.d/00-allow-root-sudo
create mode 100755 elements/rpm-distro/pre-install.d/00-fix-requiretty
diff --git a/elements/rpm-distro/pre-install.d/00-allow-heat-admin-sudo b/elements/rpm-distro/pre-install.d/00-allow-heat-admin-sudo
deleted file mode 100755
index 8149d8bb..00000000
--- a/elements/rpm-distro/pre-install.d/00-allow-heat-admin-sudo
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -eu
-set -o pipefail
-
-# heat-admin can not sudo without a tty by default
-echo 'Defaults:heat-admin !requiretty' >> /etc/sudoers.d/heat-admin-notty
-chmod 0440 /etc/sudoers.d/heat-admin-notty
-visudo -c
diff --git a/elements/rpm-distro/pre-install.d/00-allow-root-sudo b/elements/rpm-distro/pre-install.d/00-allow-root-sudo
deleted file mode 100755
index d6f9db97..00000000
--- a/elements/rpm-distro/pre-install.d/00-allow-root-sudo
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -eu
-set -o pipefail
-
-# root can not sudo without a tty by default.
-echo "Defaults:root !requiretty" >> /etc/sudoers.d/root-notty
-chmod 0440 /etc/sudoers.d/root-notty
-visudo -c
diff --git a/elements/rpm-distro/pre-install.d/00-fix-requiretty b/elements/rpm-distro/pre-install.d/00-fix-requiretty
new file mode 100755
index 00000000..be7e105b
--- /dev/null
+++ b/elements/rpm-distro/pre-install.d/00-fix-requiretty
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -eu
+set -o pipefail
+
+# Fedora sets requiretty by default, which while great for machines that are
+# going to see a lot of passwords sent over the wire because of interactive
+# activity, that's not how we're using these. Remove the setting, and the
+# comments about it
+
+sed -i -e '/^Defaults\s*requiretty/d' -e '/Disable "ssh hostname/d' /etc/sudoers
+sed -i -e '/You have to run/d' /etc/sudoers
+visudo -c
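Review bot: `visudo -c` only runs after both `sed -i` calls have already rewritten `/etc/sudoers`, so a bad edit is reported but stays on disk; applying the expressions to a copy and checking it with `visudo -c -f "$tmp"` before moving it into place keeps a broken policy file from ever being installed. The first expression also deletes the whole matching line, so an entry that combines options (for example `Defaults requiretty, env_reset`, constructed here) would lose the others as well, and `\s` depends on GNU sed. The two comment patterns are unanchored; `/^#.*You have to run/d` and `/^#.*Disable "ssh hostname/d` would restrict them to comment lines. Since this replaces two per-user `!requiretty` drop-ins with a global removal, a header comment stating that the setting is now lifted for every account would help whoever audits the image.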